Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: CKConsulting on June 14, 2006, 04:09:42 AM
-
Using http://hanscees.com Openvpn How To:
How can I set up multiple sites (clients) to point to one site (server)?
(Several remote offices VPNing back to the main office)
Thanks,
Rick
-
It should be possible.
I think you'll have to use different .conf and .up files for each connection and change the tunnel addresses and use a different port (other than 1194, e.g. 1195) for every connection.
But you might run into problems if you've got the same ranges on these networks (e.g. multiple use 192.168.1.0/255.255.255.0).
Kind regards,
jester.
-
What is the tunnel address?
I created new .conf and .up files
with 10.4.0.3 and 10.4.0.4
it created a new tun1
the service comes up ok
but I can't ping any of the IPs 10.4.0.3 or 192.168.0.1
Each site is on a different subnet.
Rick
-
Rick,
With the tunnel addresses I meant the addresses you already altered (10.4.0.3 and 10.4.0.4); but I'm also struggling with site-to-site OpenVPN, so beyond this it is unknown territory for me as well. Did you add this net?
You might drop a line to Hans Cess directly, his address is on his site.
jester.
-
Thanks Jester,
I have one tunnel up and running just fine, what issues are you having?
Yes, I added the network using the LAN info, not the 10.4.0.1. I also added the tunnel address as a local network:
10.4.0.0  255.255.255.0  192.168.1.201 (SME box)
192.168.31.0  255.255.255.0  192.168.1.201
Rick
-
I'm still working on multiple VPN connections. It looks like client2 is still using port 1194 (see 2nd to last line below). I thought I opened the port using the command:
config set openvpn service status enabled access public UDPPort 1195
Both openvpn services on server and client start up fine.
tun0 works fine
tun1 does not, no pings on the openvpn subnet 10.4.1.0
Jun 16 11:57:04 dsme7 openvpn[4015]: Restart pause, 2 second(s)
Jun 16 11:57:06 dsme7 openvpn[4015]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jun 16 11:57:06 dsme7 openvpn[4015]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 16 11:57:06 dsme7 openvpn[4015]: Re-using SSL/TLS context
Jun 16 11:57:06 dsme7 openvpn[4015]: LZO compression initialized
Jun 16 11:57:06 dsme7 openvpn[4015]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jun 16 11:57:06 dsme7 openvpn[4015]: Preserving previous TUN/TAP instance: tun0
Jun 16 11:57:06 dsme7 openvpn[4015]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jun 16 11:57:06 dsme7 openvpn[4015]: Local Options hash (VER=V4): 'f4924c4c'
Jun 16 11:57:06 dsme7 openvpn[4015]: Expected Remote Options hash (VER=V4): '468d3e28'
Jun 16 11:57:06 dsme7 openvpn[4015]: UDPv4 link local (bound): [undef]:1194
Jun 16 11:57:06 dsme7 openvpn[4015]: UDPv4 link remote: 66.83.123.123:1195
Thanks
Rick
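A log check for the kind of output posted above, added here as an example (it is not code from any poster or from the how-to): it groups OpenVPN log lines by process, records each instance's tunnel device and ports, and reports instances whose remote port differs from a per-device port plan or that logged the certificate-verification warning. The `PLAN` mapping, the sample log, the host name `gw` and the address 203.0.113.10 are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed plan (hypothetical): one UDP port per tunnel device.
PLAN = {"tun0": 1194, "tun1": 1195}

# Constructed sample in the format of the log lines posted above.
SAMPLE_LOG = """\
Jun 16 11:57:06 gw openvpn[4015]: WARNING: No server certificate verification method has been enabled.
Jun 16 11:57:06 gw openvpn[4015]: Preserving previous TUN/TAP instance: tun0
Jun 16 11:57:06 gw openvpn[4015]: UDPv4 link local (bound): [undef]:1194
Jun 16 11:57:06 gw openvpn[4015]: UDPv4 link remote: 203.0.113.10:1195
Jun 16 11:58:10 gw openvpn[4102]: TUN/TAP device tun1 opened
Jun 16 11:58:10 gw openvpn[4102]: UDPv4 link local (bound): [undef]:1195
Jun 16 11:58:10 gw openvpn[4102]: UDPv4 link remote: 203.0.113.10:1195
"""

# One match per syslog line: (pid, message text after "openvpn[pid]: ").
ENTRY = re.compile(r"openvpn\[(\d+)\]: (.*)$", re.M)
PATTERNS = {
    "dev": re.compile(r"TUN/TAP (?:device (\S+) opened|instance: (\S+))"),
    "local_port": re.compile(r"link local \(bound\): \S+:(\d+)"),
    "remote_port": re.compile(r"link remote: \S+:(\d+)"),
}

def summarize(log_text):
    """Collect tunnel device, ports and the cert warning per OpenVPN PID."""
    procs = defaultdict(lambda: {"dev": None, "local_port": None,
                                 "remote_port": None, "no_cert_check": False})
    for pid, msg in ENTRY.findall(log_text):
        if "No server certificate verification method" in msg:
            procs[pid]["no_cert_check"] = True
        for field, rx in PATTERNS.items():
            hit = rx.search(msg)
            if hit:
                value = next(g for g in hit.groups() if g)
                procs[pid][field] = value if field == "dev" else int(value)
    return dict(procs)

def findings(procs, plan=PLAN):
    """Return (pid, issue) pairs for plan mismatches and missing cert checks."""
    issues = []
    for pid, p in sorted(procs.items()):
        want = plan.get(p["dev"])
        if want is not None and p["remote_port"] not in (None, want):
            issues.append((pid, f"{p['dev']} talks to port {p['remote_port']}, plan says {want}"))
        if p["no_cert_check"]:
            issues.append((pid, "no server certificate verification enabled"))
    return issues
```

Calling `findings(summarize(text))` on a real log needs `PLAN` edited to match the ports actually assigned to each tunnel.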
-
I got it working!!!!!
I'll work on a write up.
Rick
-
The link below has the steps I used to create multiple tunnels; 99.9 percent of the work was taken from Hannsee's site. The main thing was adding an additional port and pointing the server.conf to the new port. I also made a couple of changes to the .up files to add the local networks. They seem to be staying up and running and they also come back on a reboot. Speed also seems to be very good.
http://www.doerr.biz/sme/openvpn.html
If you find anything wrong please let me know.
Rick